Azure Apps registration. How to generate Client Id and Client Secret for your connector?

This article explains how to register an Apps in Azure Active Directory in order to give access to Graph Apis. Following this tutorial will allow you to generate the Client Id and Client Secret that you would need in your connectors.

Step 1 : Create a new Application.

Login to Azure portal using your Office 365 administrator account.

      • Go to
      • Select Azure Active Directory
      • Click on App Registration (Preview)

Azure Active Directory Apps Registration

  • Click on New Registration

Give a name to the application.

Supported Account types: Select Accounts in their Organizational directory Only

Redirect URL is not used. Enter any value. I.e https://notused

Click On Register.



Register An Application


Create a New Secret.

  • Click on Certificates and Secrets
  • Click On New Client Secret

Enter a description, an expiration date and Click Add

New Client Secret

Note the client Secret as it will never be displayed again.

At this step, the Application is created.

To get your Client ID, go to the Overview section. Your Client ID will be displayed as shown in the screenshot below:

The next step is to give it the permissions to use Graph Apis.

Step 2: Permissions

  • Click On API Permissions
  • Click on Add a permission

API Permissions

  • Click on Select An API

Select an API

  • Click on Microsoft Graph, then Application Permissions and add the following permissions:

When used as a source connector, select the ReadAll Permission.

When used as a target connector, select the ReadWrite.All Permission

Graph Api Permissions
Details of the permissions.

Migration to Office 365 groups or Office 365 teams require:

Microsoft Graph:

  • Group.Read.All, Group.ReadWrite.Alls, User.Read.All, Directory. Read.All.
    • See
    • And
  • Sites.ReadAll, Sites.ReadWrite.All, Sites.Manage.All, Sites.FullControl.All

SharePoint Graph: 

  • Sites.FullControl.all 
  • Sites.Manage.all 
  • Sites.Read.all 
  • Sites.ReadWrite.All 

Migration from OneDrive requires:

Microsoft Graph:

  • Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
    • See

SharePoint Graph:

  • Sites.FullControl.all 
  • Sites.Manage.all 
  • Sites.Read.all 
  • Sites.ReadWrite.All 

SharePoint Migration requires:

Microsoft Graph:

  • Group.Read.All and  Group.ReadWrite.All. 
  • User.Read.All 
  • Sites.Read.All, Sites.ReadWrite.All
    • See

SharePoint Graph: 

  • Sites.FullControl.all 
  • Sites.Manage.all 
  • Sites.Read.all 
  • Sites.ReadWrite.All 

Gal sync requires:

  • User.Read.All
  • Group.Read.All
  • Directory.Read.All

When all the feeds are added, Grant consent.

If the Grant Consent button is greyed out like in the screenshot above, you would have to follow these steps:

  • Go back to Azure Active Directory.
  • Click on App Registrations (and not App registrations Preview)
  • Click on your App
  • Go to Settings
  • Go to Required Permissions
  • Click on Grant Permissions


You’re all set! All you need to do is provide the Client Id and Client Secret in your connector and start migrating!

Meet Cloudiway - A powerful and automated migration and coexistence platform. We support G Suite, Office 365, Zimbra, Lotus and lots more...
Register Now